你在这里

Cert 脆弱性通告(CVE-2011-4313)

Cert 脆弱性通告(CVE-2011-4313)

2011/11/16 ISC公布一个DNS解析服务器BIND 9的一个弱点。所有开启递归查询的NIOS版本都受此弱点影响。如果名称服务器受到此问题影响,BIND 将自动关闭并且抛出以下日志:“INSIST(!dns_rdataset_isassociated(sigrdataset))”

NIOS的监控程序一旦发现此问题将会重新启动BIND程序。虽然DNS服务会在NIOS的监控程序协助下保持正常但还是推荐用户升级到具有补丁的新版NIOS。关于CVE-2011-4313弱点的更多信息请查看以下网址 http://www.isc.org/advisories

已经解决CVE-2011-4313弱点的NIOS版本: NIOS 6.2.5 与 NIOS 5.1r5-4 已经可以在infoblox的支持网站 http://support.infoblox.com 上下载

关于升级建议:

  • vNIOS/NIOS 6.x 升级到NIOS 6.2.5
  • vNIOS/NIOS 5.x 升级到NIOS 5.1r5-4/5.1r4-9
  • vNIOS/NIOS 4.x 升级到NIOS 4.3r8-6

最新消息与详细的发布说明请关注Infoblox的技术支持网站 http://support.infoblox.com
 


以下是英文原文

On November 16, 2011, ISC announced a vulnerability that causes issues for BIND 9 based DNS resolvers (CVE-2011-4313). All supported NIOS releases are impacted by this defect if NIOS is deployed as a recursive DNS server. When the server experiences the problem, DNS service will exit with the following message: "INSIST(!dns_rdataset_isassociated(sigrdataset))".

However the NIOS monitoring process automatically restarts the DNS service after it detects the failure. NIOS monitoring helps to recover services automatically, but Infoblox recommends customers to upgrade to one of the available patches. More information regarding CVE-2011-4313 can be found at http://www.isc.org/advisories.

Please note that the following patches are now available for download on the Support website (http://support.infoblox.com ) that address CVE-2011-4313: NIOS 6.2.5 and NIOS 5.1r5-4.

Upgrade recommendations:

If you are running a vNIOS/NIOS 6.x release, we strongly recommend upgrading to NIOS 6.2.5

If you are running a vNIOS/NIOS 5.x release, we strongly recommend upgrading to either NIOS 5.1r5-4 or NIOS 5.1r4-9 (ETA for the NIOS 5.1r4-9 patch release is 11.17.2011)

If you are running a vNIOS/NIOS 4.x release, we strongly recommend upgrading to NIOS 4.3r8-6 (ETA for the NIOS 4.3r8-6 patch release is 11.17.2011)

For the latest information and access to the available patches including detailed Release Notes, please navigate to the Infoblox Support site (http://support.infoblox.com).